Corporate USB storage devices, i.e. permanently neglected devices

Nine out of ten. So many people use USB flash drives at work and the same number lost the carrier at least once, concealing this fact in front of their company. Anzena, a data protection and IT continuity expert, warns that the lack of security policies regarding USB and DLP solutions can hit the company as quickly and smoothly as private employee videos circulate between corporate disks.

So you need to provide 8GB of data without slowing down the network drive used by important company applications? No problem - you unplug the USB key fob from the keys and the files will land on your friend's laptop in a moment. Simple, fast and without an administrator's call. No wonder that in the latest Apricorn survey, as many as 9 out of 10 IT specialists confirm the frequent use of portable flash memory in the workplace. Naturally, the volume of data circulating between hundreds of tiny disks does not have to go into gigabytes, because their content is crucial. All you need is a package of scans with employment contracts - small, but large enough that it will not fit as an attachment in the company's mail. How does the security of thousands of similar transfers look like?

  • 80% of the survey participants say that data protection is a "high priority" for them, and similarly in the places where they are employed.
  • Nearly 58% have adequate security and procedures for using flash memory, and 54% use DLP (data-leak-protection) solutions that detect unauthorized copying of confidential data to USB.
  • Half of the surveyed companies require reporting of portable memory loss, and 49% allow employees to use only approved disks.

So many theories, because the reality is a bit screeching.

Although 50% of respondents are required to ask for permission to use USB, in reality only 15% of them do so. In turn, 8 out of 10 employees use external drives at work, for example, as advertising gadgets during industry events. How many administrators will ask the administrator to check the memory before being connected to the company's infrastructure? Data is missing, but you can assume that there will not be many of them. The group using encryption is also small. Although it is in fact the basic security measure when transferring data, it is used by only 20% of surveyed specialists.

Someone might say that "the statistics are not the best, but USB disks do not get lost so often". They lose - as many as 87% of specialists participating in the study have at least one unreported loss of flash memory with company data behind them. Most of them probably contained statistics and projects, the loss of which was admittedly cumbersome and expensive (including image) ... but it did not threaten anyone's life as the last fall into the security services of British Heathrow.

On October 29, an unencrypted memory stick was found on London street with sensitive and sensitive data about the airport's security and how it was used by the British queen, ministers and foreign guests. Neither the disk itself nor the data it contained were protected even with a simple password. Experts from Anzena remind that according to statistics from 2016, almost 207,000 people visit the airport every day. If the monitoring maps and descriptions of anti-terrorist systems from the disk were sent to a person with bad intentions, a potential disaster or a planned terrorist attack would be practically impossible to detect.

Anzena reminds you that unsecured disks create a double threat - a data leak, but also a dangerous cryptic infection or other virus attack. In the case of USB ports, a partial solution is to block them and allow only encrypted media. It is also worth remembering about additional security in the form of a dedicated DLP solution. The company's experts remind that companies and organizations should control the flow of their data as accurately as possible, especially when they leave the company. In the context of the EU regulation on personal data protection (RODO), which will come into force on May 25, 2018, this recommendation can no longer be regarded as an industry mantra. They should simply be implemented.

Tags


Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.